
CLAIMS 

What is claimed is:

1. A method comprising:

storing a current sort encryption key (SEK) at a first destination in an internal memory of an electronic component;

storing a next SEK at the first destination in the internal memory;

providing the electronic component to a second destination; and

recovering a private key at the second destination from a key bundle based on the current SEK, the next SEK and a plurality of bundles received at the second destination.



2. The method of claim 1, wherein prior to storing the current SEK at the first destination, the method further comprises:

transferring at least a first bundle to the first destination via a first link; and

transferring at least a second bundle to the first destination via a first out-of-band information carrying mechanism.

3. The method of claim 2, wherein the first bundle includes a plurality of configuration window (CWIN) bundles.

4. The method of claim 3, wherein each of the CWIN bundles includes a configuration window material, the configuration window includes (i) a first key identifier associated with the current SEK, (ii) the current SEK, (iii) a second key identifier associated with the next SEK, (iv) the next SEK and (v) a group integrity check value for a first encryption key and a second encryption key.

5. The method of claim 4, wherein the configuration window material is encrypted with the first encryption key and the second encryption key.

6. The method of claim 5, wherein each CWIN bundle further includes a group identifier associated with the first encryption key and the second encryption key.

7. The method of claim 3, wherein the second bundle includes a plurality of sort encryption key (SEK) bundles.



8. The method of claim 7, wherein each of the SEK bundles includes (i) a sort encryption key, (ii) a key identifier associated with the sort encryption key and (iii) an integrity check value associated with the sort encryption key.



9. The method of claim 2, wherein prior to storing the current SEK at the first destination, the method further comprises:

transferring the plurality of bundles to the second destination, the plurality of bundles includes a third bundle and a fourth bundle.



10. The method of claim 9, wherein the third bundle is transferred to the second destination via a second link.



11. The method of claim 9, wherein the fourth bundle is transferred to the second destination via a second out-of-band information carrying medium.

12. The method of claim 9, wherein the third bundle is a plurality of second part bundle encryption key (BEK_P2) bundles, each of the BEK_P2 bundles includes a second part of the bundle encryption key and a combined integrity check value associated with a first encryption key and a second encryption key.



13. The method of claim 12, wherein the second part of the bundle encryption key and the combined integrity check value are encrypted with the first encryption key and the second encryption key.



14. The method of claim 12, wherein each BEK_P2 bundle further includes a group identifier associated with the first encryption key and the second encryption key.

15. The method of claim 9, wherein the fourth bundle includes a plurality of configuration encryption key (CEK) bundles.



16. The method of claim 15, wherein each of the CEK bundles includes (i) a configuration encryption key, (ii) a key identifier associated with the configuration encryption key and (iii) an integrity check value associated with the configuration encryption key.

17. A method comprising:

at a first destination, recovering a current sort encryption key (SEK) and a next SEK based on information within a first plurality of incoming bundles and storing the current SEK and the next SEK in an internal memory of an electronic component; and

at a second destination, upon receipt of the electronic component, recovering a private key from a key bundle based on the current SEK, the next SEK and a second plurality of incoming bundles.

18. The method of claim 17, wherein the current SEK represents a current period of validity for configuration of the electronic component.

19. The method of claim 17, wherein the next SEK represents a next period of validity for configuration of the electronic component.

20. The method of claim 19, wherein the private key is prevented from being recovered if the next period of validity has lapsed.

21. The method of claim 17, wherein the first plurality of incoming bundles includes a plurality of configuration window (CWIN) bundles.

22. The method of claim 21, wherein each of the CWIN bundles includes (i) a first key identifier associated with the current SEK, (ii) the current SEK, (iii) a second key identifier associated with the next SEK, (iv) the next SEK and (v) a group integrity check value for a first encryption key and a second encryption key.

23. The method of claim 22, wherein the first key identifier, the current SEK, the second key identifier, the next SEK and the group integrity check value are encrypted with the first encryption key and the second encryption key.

24. The method of claim 23, wherein each CWIN bundle further includes a group identifier associated with the first encryption key and the second encryption key.

25. The method of claim 17, wherein the first plurality of incoming bundles includes a plurality of sort encryption key (SEK) bundles.



26. The method of claim 25, wherein each of the SEK bundles includes (i) a sort encryption key, (ii) a key identifier associated with the sort encryption key, (iii) an integrity check value associated with the sort encryption key.



27. The method of claim 17, wherein the second plurality of bundles includes a plurality of first part bundle encryption key (BEK_P2) bundles and a plurality of second part bundle encryption key (BEK_P2) bundles.



28. The method of claim 27, wherein each of the BEK_P2 bundles includes a second part of the bundle encryption key and a group integrity check value for a first encryption key and a second encryption key.

29. The method of claim 28, wherein one of the BEK_P2 bundles includes a first part of the bundle encryption key and an integrity check value associated with the current SEK.

30. The method of claim 29, wherein one of the BEK_P2 bundles includes a first part of the bundle encryption key and an integrity check value associated with the next SEK.

042390.P7704 - 1 8- Patent Application 

Express Mail No. EL466333398US 






31. The method of claim 30, wherein the bundle encryption key is recovered upon recovering the first and second parts of the bundle encryption key.



32. The method of claim 31, wherein the private key is recovered using the bundle encryption key.

33. A method comprising:

receiving at least a first bundle via a first link;

receiving at least a second bundle via a first out-of-band information carrying mechanism;

recovering a current sort encryption key (SEK) and a next SEK based on information contained in the first bundle and the second bundle; and

storing the current SEK and the next SEK in an internal memory of an electronic component.

34. The method of claim 33, further comprising transferring the electronic component to a second destination.

35. The method of claim 34 further comprising receiving at least a third bundle via a second link;

receiving at least a fourth bundle via a second out-of-band information carrying medium;

recovering based on information in the third bundle, fourth bundle, the current SEK and the next SEK.



36. The method of claim 35 further comprising recovering a private key based on the bundle encryption key.

37. A network comprising:

a source to output a first collection of encrypted keying material and a second collection of encrypted keying material;

a first destination to receive the first collection of encrypted keying material, to decrypt keying material originating from the first collection of encrypted keying material for recovery of sort encryption keying material and to store the sort encryption keying material into an internal memory of an electronic component; and

a second destination to receive the second collection of encrypted keying material, to decrypt keying material originating from the second collection of encrypted keying material for recovery of at least private key for subsequent loading in the internal memory.

38. The network of claim 37, wherein the first destination is physically separated from the second destination.



39. The network of claim 37, wherein the sort encryption keying material includes a current sort encryption key (SEK) and a next SEK.

40. The network of claim 39, wherein the current SEK and the next SEK collectively represents a period of validity in which the electronic component must be configured.



41. The network of claim 37, wherein the second destination further recovers a digital certificate chain from the second collection of keying material and loads the digital certificate chain into the internal memory.